First of all, why, why, why are you parsing the form variables and cookies yourself? People with a lot more experience have spent considerable time making sure that reliable secure routines exist for this, and they made them available in CGI module. use CGI, because CGI is your friend.

Second of all, when you don't know which part of program is misbehaving, break the problem into small parts. If you think that the post part may be getting the wrong data, why don't you print them? If you think the problem is in the cookie, print out the cookie line you receive, print out the intermediate values in the decoding process, print out the result.